Fd aril C m nicsti& Cnmmiei n
rules with the release of the EPIC CPNI Order, which adopted additional safeguards to protect CPNI
against unauthorized access and disclosure.8 The EPIC CPIVI Order was directly responsive to the
actions of databrokers, or pretexters, to obtain unauthorized access to CPNI.9 The EPIC CPNI Order
requires that all companies subject to the CPNI rules file annually, on or before March 1, a certification
with the Commission pursuant to amended rule 47 C.F.R. 64.2009(e).i Additionally, companies must
now provide, with their certification, "an explanation of any actions taken against data brokers and a
summary of all customer complaints received in the past year concerning the unauthorized release of
5. The Bureau sent a Letter of Inquiry ("LOl") to International Access on September 5, 2008,
asking it to provide copies and evidence of its timely filed CPNI compliance certificate for 2007, which
was due by March 1, 2008, pursuant to section 64.2009(e) of the Commission's rules or an explanation as
to why no certification was filed.12 International Access submitted a response to the LOI on September
17, 2008.'1 The Bureau concluded that International Access failed to submit satisfactory evidence of its
timely filing of the annual CPNI compliance certification.'4 Accordingly, on February 24, 2009, the
Bureau released the Omnibus NA L against numerous companies, including International Access,
proposing a monetary forfeiture of twenty thousand dollars ($20,000) for its apparent failure to comply
with section 64.2009(e) of the Commission's rules,"5 and the Commission's EPIC CPNI Order, and
ordered the Company either to pay the proposed forfeiture or file a written response within thirty (30)
days of the release date stating why the proposed forfeiture should be reduced or canceled. International
Access and the Bureau entered into settlement discussions.
III. TERMS OF AGREEMENT
6. Adopting Order. The Parties agree that the provisions of this Consent Decree shall be
subject to final approval by the Bureau by incorporation of such provisions by reference in the Adopting
Order without change, addition, modification, or deletion.
a EPIC CPNI Order, 22 FCC Rcd 6927. Specifically, pursuant to section 64.2009(e): A telecommunications carrier
must have an officer, as an agent of the carrier, sign and file with the Commission a compliance certificate on an
annual basis. The officer must state in the certification that he or she has personal knowledge that the company has
established operating procedures that are adequate to ensure compliance with the rules in this subpart. The carrier
must provide a statement accompanying the certification explaining how its operating procedures ensure that it is or
is not in compliance with the rules in this subpart. In addition, the carrier must include an explanation of any actions
taken against data brokers and a summary of all customer complaints received in the past year concerning the
unauthorized release of CPNI. This filing must be made annually with the Enforcement Bureau on or before March
I in EB Docket No. 06-36, for data pertaining to the previous calendar year. 47 C.F.R. 64.2009(e).
9 EPIC CPNI Order, 22 FCC Rcd at 6928.
'0 Id at 6953; 47 C.F.R. 64.2009(e).
" EPIC CPNI Order, 22 FCC Rcd at 6953.
12 See note 2, supra.
" See email from Cynthia Molar to Marcy Greene (Sept. 17, 2008).
'4 Annual CPNI Certification, Omnibus Notice of Apparent I.iability for Forfeiture, 24 FCC Red 2299 (Enf Bur.
2009) ("Omnibus NAL").
United States. Federal Communications Commission. FCC Record, Volume 26, No. 7, Pages 4843 to 5761, March 28-April 08, 2011. Washington D.C.. UNT Digital Library. http://digital.library.unt.edu/ark:/67531/metadc52169/. Accessed November 28, 2014.